add users to ldap immediately

Author: simonLeary42

CONTRIBUTING.md

@@ -63,6 +63,7 @@ Notable users:
 - `user1@org1.test` - admin, PI
 - `user2@org1.test` - not admin, not PI
 - `user2000@org2.test` - does not yet have an account
+- `user2005@org1.test` - regsitered but not qualified (not a PI or in a PI group)
 
 ### Changes to Dev Environment
 

README.md

@@ -117,6 +117,8 @@ rm "$prod" && ln -s "$old" "$prod"
 ### 1.3 -> 1.4
 
 - the `[ldap]user_group` option has been renamed to `[ldap]qualified_user_group`
+- the `user_created ` mail template has been renamed to `user_qualified`
+- the `user_dequalified` mail template has been added
 
 ### 1.2 -> 1.3
 

resources/lib/UnityGroup.php

@@ -100,7 +100,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($this->exists()) {
             return;
         }
-        \ensure(!$this->getOwner()->exists());
+        \ensure($this->getOwner()->exists());
         $this->init();
         $this->SQL->removeRequest($this->getOwner()->uid);
         $operator = is_null($operator) ? $this->getOwner()->uid : $operator->uid;
@@ -113,6 +113,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($send_mail) {
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
         }
+        $this->getOwner()->setIsQualified(true); // having your own group makes you qualified
     }
 
     /**
@@ -214,7 +215,7 @@ public function cancelGroupJoinRequest(UnityUser $user, bool $send_mail = true):
     public function approveUser(UnityUser $new_user, bool $send_mail = true): void
     {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
-        \ensure(!$new_user->exists());
+        \ensure($new_user->exists());
         $this->addUserToGroup($new_user);
         $this->SQL->removeRequest($new_user->uid, $this->gid);
         if ($send_mail) {
@@ -229,6 +230,7 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void
                 "org" => $new_user->getOrg(),
             ]);
         }
+        $new_user->setIsQualified(true); // being in a group makes you qualified
     }
 
     public function denyUser(UnityUser $new_user, bool $send_mail = true): void

resources/lib/UnityUser.php

@@ -105,24 +105,54 @@ public function init(
             $org->addUser($this);
         }
 
-        $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
-        $this->LDAP->getQualifiedUserGroup()->write();
-
-        $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
-        $this->REDIS->appendCacheArray(
-            "sorted_qualified_users",
-            "",
-            $this->uid,
-            $default_value_getter,
-        );
-
         $this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
+    }
 
-        if ($send_mail) {
-            $this->MAILER->sendMail($this->getMail(), "user_created", [
-                "user" => $this->uid,
-                "org" => $this->getOrg(),
-            ]);
+    public function isQualified(): bool
+    {
+        return $this->LDAP->getQualifiedUserGroup()->attributeValueExists("memberUid", $this->uid);
+    }
+
+    public function setIsQualified(bool $newIsQualified, bool $doSendMail = true): void
+    {
+        $oldIsQualified = $this->isQualified();
+        if ($oldIsQualified == $newIsQualified) {
+            return;
+        }
+        if ($newIsQualified) {
+            $this->LDAP->getQualifiedUserGroup()->appendAttribute("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->appendCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_qualified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
+        } else {
+            $this->LDAP
+                ->getQualifiedUserGroup()
+                ->removeAttributeEntryByValue("memberuid", $this->uid);
+            $this->LDAP->getQualifiedUserGroup()->write();
+            $default_value_getter = [$this->LDAP, "getSortedQualifiedUsersForRedis"];
+            $this->REDIS->removeCacheArray(
+                "sorted_qualified_users",
+                "",
+                $this->uid,
+                $default_value_getter,
+            );
+            if ($doSendMail) {
+                $this->MAILER->sendMail($this->getMail(), "user_dequalified", [
+                    "user" => $this->uid,
+                    "org" => $this->getOrg(),
+                ]);
+            }
         }
     }
 

resources/mail/user_dequalified.php

@@ -0,0 +1,10 @@
+<?php
+
+// this template is sent when a user account is no longer qualified
+$this->Subject = "User Deactivated"; ?>
+
+<p>Hello,</p>
+
+<p>Your account on the Unity cluster has been deactivated.</p>
+
+<p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>

resources/mail/user_created.php resources/mail/user_qualified.phpresources/mail/user_created.php renamed to resources/mail/user_qualified.php

@@ -1,7 +1,7 @@
 <?php
 
-// this template is sent when a user account gets created
-$this->Subject = "User Created"; ?>
+// this template is sent when a user account becomes qualified
+$this->Subject = "User Activated"; ?>
 
 <p>Hello,</p>